Following the recent announcements from Hotbit Exchange, which confirmed that their exchanges have been compromised by hackers, the database is stolen, which means hackers can have access to users’ funds. Here are the details below.
Dear respected users,
Hotbit just suffered a serious cyber attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services. Meanwhile, the attackers also tried to hack into Hotbit’s wallets (However, the attempt was identified and stopped by our risk control system).
In this case, the Hotbit team has shut down all services for inspection and restoration immediately, and the overall recovery period is expected to be no less than 7 days. Please note that all your assets are safe and secure, and you can follow us on Twitter, Facebook, and Telegram for Hotbit’s latest recovery progress. Currently, our work consists of the following two sections:
- Considering the fact that Hotbit is about to exceed 2 million registered users and has a huge service system architecture of more than 200 servers online, in order to ensure security, the Hotbit team will completely rebuild all servers；
- The attacker maliciously deleted the user database after failing to obtain assets. Although the database is routinely backed up, we are still uncertain whether the attacker has polluted data or not before the attack. Therefore, we also need to conduct a comprehensive inspection of the overall data. Once an anomaly is detected, we will perform an accurate reconstruction to ensure that all user data is accurate.
- Therefore, these two sections of work will consume a lot of time. We initially expect that the recovery period will last about 7-14 days. The estimated time of recovery will be more as all things going on, and we will update our latest progress in Hotbit communities as well.
If you have an account on Hotbit, the following are things you should be aware of
- The attacker has already gained access to the database, so your registration phone number, email address, and asset data might have a leaking risk. However, the password and 2FA key are encrypted so theoretically should be safe. But from the security point of view, if your account and password on another website or app are the same as Hotbit’s, it is safer to change the password now;
- If you receive an email or private message in the name of Hotbit, you can contact us through official channels (Twitter, Facebook, Telegram) to verify identity before replying; Leveraged ETF products are not suitable for long-term holding and therefore Hotbit will be fully responsible for all losses suffered by the position-holder during the maintenance period.
- Your Open Orders on Hotbit will be canceled when the system is restored to avoid unintended trading losses. All daily routine income distributions (such as investment products, current products, and FIL cloud computing power ) will be paid out after the maintenance is completed.
We must admit that this is the biggest setback of Hotbit since the establishment on January 2018.
Security issues have always been the pain of the blockchain industry, which has always been one of the major concerns of Hotbit as well. In the future, the Hotbit team will continue to strengthen security departments. Meanwhile, by cooperating with the world’s famous third-party Internet security teams, Hotbit will also conduct a thorough inspection and investigation on the attack issue and thoroughly upgrade the security level of the whole system.
Please continue to follow our official media links for other latest information: